diff --git a/README.md b/README.md index 87f4cd7..9a2c4b7 100644 --- a/README.md +++ b/README.md @@ -229,6 +229,10 @@ Use `wp help saml-auth ` to learn more about each command. See [CONTRIBUTING.md](https://github.com/pantheon-systems/wp-saml-auth/blob/master/CONTRIBUTING.md) for information on contributing. +## Security Policy ## +### Reporting Security Bugs +Please report security bugs found in the WP SAML Auth plugin's source code through the [Patchstack Vulnerability Disclosure Program](https://patchstack.com/database/vdp/wp-saml-auth). The Patchstack team will assist you with verification, CVE assignment, and notify the developers of this plugin. + ## Frequently Asked Questions ## ### Can I update an existing WordPress user's data when they log back in? ### diff --git a/readme.txt b/readme.txt index 3a0e92c..3f0ec84 100644 --- a/readme.txt +++ b/readme.txt @@ -266,6 +266,10 @@ Note: the declaration does need to be at the top of `_include.php`, to ensure Wo There is no third step. Because SimpleSAMLphp loads WordPress, which has WP Native PHP Sessions active, SimpleSAMLphp and WP SAML Auth will be able to communicate to one another on a multi web node environment. += Where do I report security bugs found in this plugin? = + +Please report security bugs found in the source code of the WP SAML Auth plugin through the [Patchstack Vulnerability Disclosure Program](https://patchstack.com/database/vdp/wp-saml-auth). The Patchstack team will assist you with verification, CVE assignment, and notify the developers of this plugin. + == Upgrade Notice == = 2.0.0 =
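Review bot: In the README.md hunk, the new `### Reporting Security Bugs` heading drops the closing `###` that the other headings in this file carry (`## Security Policy ##`, `### Can I update an existing WordPress user's data when they log back in? ###`); add it for consistency. The policy text also names only the Patchstack program and does not ask reporters to keep vulnerability details out of public GitHub issues, so consider adding one sentence to that effect.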
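Review bot: In the readme.txt hunk, the last sentence of the new FAQ answer is not parallel: "will assist you with verification, CVE assignment, and notify the developers" mixes two nouns with a verb phrase. Suggest "will assist you with verification and CVE assignment, and will notify the developers of this plugin"; the same sentence appears in the README.md hunk. This file also adds the policy as an FAQ entry, while README.md adds it as a `## Security Policy ##` section ahead of the FAQ with slightly different wording ("the WP SAML Auth plugin's source code" against "the source code of the WP SAML Auth plugin"); align the two if they are meant to stay in sync.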